Determining whether a user has possession of a transaction card and/or whether the user is authorized to possess the transaction card

ABSTRACT

A device receives a transaction request concerning a transaction and a transaction card from a transaction terminal, and determines, based on the transaction request, information concerning the transaction card. The device sends, based on the transaction request and to a user device, a query concerning possession of the transaction card by a user of the user device, where the query includes an instruction for the user to confirm possession of the transaction card via a component of the user device. The device receives, from the user device and after sending the query to the user device, a response concerning possession of the transaction card by the user, and determines, based on the response and the information concerning the transaction card, whether the user has possession of the transaction card. The device performs, based on determining whether the user has possession of the transaction card, at least one action.

BACKGROUND

Transactions often involve use of a transaction card (e.g., a creditcard, a debit card, a gift card, an automated teller machine (ATM) card,a rewards card, a client loyalty card, and/or the like) to pay forproducts or services at a transaction terminal (e.g., point of sale(PoS) terminal, e.g., via a swiping of the transaction card at a cardreader, insertion of the transaction card into a chip reader, orwireless transmission of transaction card data to a wireless receiver.In some instances, a magnetic strip, integrated circuit (IC) chip, radiofrequency (RF) antenna, and/or radio frequency identification (RFID) tagmay be included in a transaction card to provide information associatedwith the transaction card (e.g., an account identifier, accountinformation, a payment token, or the like).

SUMMARY

According to some implementations, a device may include one or morememories, and one or more processors, communicatively coupled to the oneor more memories, configured to receive a transaction request concerninga transaction and a transaction card from a transaction terminal, and todetermine, based on the transaction request, information concerning thetransaction card. The one or more processors may send, based on thetransaction request and to a user device, a query concerning possessionof the transaction card by a user of the user device, wherein the queryincludes an instruction for the user to confirm possession of thetransaction card via a component of the user device. The one or moreprocessors may receive, from the user device and after sending the queryto the user device, a response concerning possession of the transactioncard by the user, and determine, based on the response and theinformation concerning the transaction card, whether the user haspossession of the transaction card. The one or more processors mayperform, based on determining whether the user has possession of thetransaction card, at least one action.

According to some implementations, a non-transitory computer-readablemedium may store instructions that include one or more instructionsthat, when executed by one or more processors of a device, cause the oneor more processors to receive a transaction request concerning atransaction and a transaction card from a transaction terminal, and todetermine, based on the transaction request, information concerning thetransaction card. The one or more instructions may cause the one or moreprocessors to send, based on the transaction request and to a userdevice, a first query concerning possession of the transaction card by auser of the user device, and to receive, from the user device and aftersending the first query to the user device, a first response concerningpossession of the transaction card by the user of the user device. Theone or more instructions may cause the one or more processors todetermine, based on the first response and the information concerningthe transaction card, that the user of the user device has possession ofthe transaction card. The one or more instructions may cause the one ormore processors to send, to the user device and based on determiningthat the user of the user device has possession of the transaction card,a second query concerning identification of the user of the user device.The one or more instructions may cause the one or more processors toreceive, from the user device and after sending the second query to theuser device, a second response concerning identification of the user ofthe user device, and to determine, based on the second response and theinformation concerning the transaction card, that the user of the userdevice is authorized to possess the transaction card. The one or moreinstructions may cause the one or more processors to perform, based ondetermining that the user of the user device has possession of thetransaction card and determining that the user of the user device isauthorized to possess the transaction card, at least one action.

According to some implementations, a method may include receiving, by adevice, a transaction request concerning a transaction and a transactioncard from a transaction terminal, and determining, by the device andbased on the transaction request, information concerning the transactioncard. The method may include sending, by the device and based on thetransaction request, to a user device a query concerning possession ofthe transaction card by a user of the user device, and receiving, by thedevice and after sending the query to the user device, from the userdevice a response concerning possession of the transaction card by theuser. The method may include determining, by the device and based on theresponse and the information concerning the transaction card, that theuser does not have possession of the transaction card. The method mayinclude performing, by the device and based on determining that the userdoes not have possession of the transaction card, at least one action.

BRIEF DESCRIPTION OF THE DRAWINGS

FIGS. 1A-1F are diagrams of an example implementation described herein.

FIG. 2 is a diagram of an example environment in which systems and/ormethods described herein may be implemented.

FIG. 3 is a diagram of example components of one or more devices of FIG.2.

FIGS. 4-6 are flow charts of example processes for determining whether auser has possession of a transaction card and/or whether the user isauthorized to possess the transaction card.

DETAILED DESCRIPTION

The following detailed description of example implementations refers tothe accompanying drawings. The same reference numbers in differentdrawings may identify the same or similar elements.

A person may initiate a card-present transaction by inputting atransaction card into a slot of a transaction terminal, such as point ofsale (PoS) terminal, an automated teller machine (ATM) terminal, and/orthe like. In some cases, a transaction backend device flags thetransaction card as potentially compromised (e.g., that the transactioncard was lost or stolen, that the transaction card is associated withpotentially fraudulent activity, and/or the like) and prevents thetransaction from completing. In some cases, the transaction backenddevice can allow the transaction and monitor future transaction activityof the transaction card. However, in many of these cases, thetransaction card has in fact been compromised, which results in thetransaction backend device, as well as potentially other devices, usingsubstantial resources (e.g., processor resources, memory resources,power resources, communication resources, and/or the like) to correctand/or mitigate any fraudulent transactions.

Some implementations described herein provide a transactionauthorization platform that determines, during a card-presenttransaction initiated by a person presenting a transaction card to atransaction terminal, whether a user of a user device has possession ofthe transaction card (e.g., whether the person has access to the userdevice associated with the transaction card (e.g., whether thetransaction card is linked to the user device)) and/or whether the userof the user device is authorized to possess the transaction card (e.g.,whether the person, who may have access to the user device, isauthorized to possess the transaction card (e.g., use the transactioncard to conduct card-present transactions)). In some implementations,the transaction authorization platform receives a transaction request,concerning a transaction and a transaction card, from a transactionterminal and determines, based on the transaction request, informationconcerning the transaction card. In some implementations, thetransaction authorization platform sends a first query and receives afirst response concerning possession of the transaction card by the userof the user device. In some implementations, the transactionauthorization platform determines, based on the first response and theinformation concerning the transaction card, that the user of the userdevice has possession of the transaction card. In some implementations,the transaction authorization platform sends a second query and receivesa second response concerning identification of the user of the userdevice. In some implementations, the transaction authorization platformdetermines, based on the second response and the information concerningthe transaction card, that the user of the user device is authorized topossess the transaction card. In some implementations, the transactionauthorization platform performs, or causes to be performed, at least oneaction based on determining whether the user of the user device haspossession of the transaction card and/or whether the user of the userdevice is authorized to possess the transaction card.

In this way, the transaction authorization platform can, whileprocessing a card-present transaction, determine whether the user of theuser device has possession of the transaction card and/or that the userof the user device is authorized to use the transaction card, which canfacilitate determining whether to allow the transaction. Accordingly,the transaction authorization platform can decline a card-presenttransaction where the person presenting the transaction card does nothave a user device associated with the transaction card and/or theperson is not authorized to use the transaction card. This can reducefraudulent card-present transactions, by ensuring that only the user ofthe user device associated with the transaction card may conduct thecard-present transaction, which therefore conserves any computingresources (e.g., processing resources, memory resources, powerresources, and/or the like) and/or network resources involved incorrecting any fraudulent activity that would have been allowed withoutthe use of the transaction authorization platform described herein.Moreover, this enables the user of the user device to immediatelyaddress any security concern regarding the transaction card during thetransaction, which can improve the user experience of the user of theuser device. In addition, a transaction terminal manufacturer canprovide a transaction terminal that includes fewer components thatidentify or authenticate the person presenting the transaction card fora card-present transaction (e.g., a camera, a biometric reader, and/orthe like), which simplifies the design and manufacture of thetransaction terminal, thereby reducing the technical complexity of thetransaction terminal, and accordingly reduces costs to manufacture andmaintain the transaction terminal. This also reduces wear and tear ofthe transaction terminal that would otherwise utilize the componentsthat identify or authenticate the person presenting the transaction cardfor the card-present transaction.

FIGS. 1A-1F are diagrams of an example implementation 100 describedherein. As shown in FIG. 1A, example implementation 100 may include atransaction terminal, a transaction authorization platform, atransaction card, and/or a user device operated by a user (e.g., anowner of the transaction card, an authorized user of the transactioncard, and/or the like). In some implementations, the transactionterminal may be an electronic telecommunications device, such as a pointof sale (PoS) terminal, a security access terminal, an automated tellermachine (ATM) terminal, and/or the like that enables a user to perform atransaction, such as a purchase, a return, a cash withdrawal, a deposit,a transfer of funds, and/or the like. The transaction terminal mayinclude a display device, a physical input interface (e.g., a keypad, akeyboard, a touchscreen display, a touch capacitive screen display,and/or the like), a slot for receiving the transaction card, and/or oneor more other components (e.g., a printer for printing a receipt, acamera for capturing an image of the user, and/or the like).

In some implementations, the transaction authorization platform may be acomputing device, a server, a cloud computing device, and/or the likethat monitors and/or authorizes one or more transactions of thetransaction terminal. In some implementations, the transaction card maybe a physical card capable of storing data and/or communicating the datato facilitate a transaction. In some implementations, the transactioncard may include one or more features and/or one or more components forstoring the data, such as a string, an account number, a bar code, amagnetic strip, a quick response (QR) code, an integrated circuit (IC)chip, and/or the like. For example, the transaction card may include amagnetic strip and/or an IC chip, such as a EUROPAY®, MASTERCARD®, VISA®(EMV) chip, or the like). In some implementations, the IC chip may beable to execute one or more instructions (e.g., computer code), encryptand/or decrypt data, perform processing functions, and/or the like. Insome implementations, the transaction card may be a virtual card storedin a mobile wallet, virtual wallet, and/or the like of the user device.In some implementations, the transaction card may be associated with theuser of the user device (e.g., the user of the user device is an ownerof the transaction card, an authorized user of the transaction card,and/or the like) In some implementations, the user device may be acommunication and/or computing device, such as a mobile phone, asmartphone, a laptop computer, a tablet computer, and/or the like, thatincludes a camera device, a microphone, a biometric sensor (e.g., afingerprint reader, a retina scanner, and/or the like), a display, aspeaker, and/or a wireless transceiver, such as a near fieldcommunication (NFC) transceiver, a Bluetooth transceiver, and/or thelike.

Some example implementations described herein concern a singletransaction terminal, transaction authorization platform, transactioncard, user, and/or user device, but implementations may include aplurality of transaction terminals, transaction authorization platforms,transaction cards, user devices, and/or users. In some implementations,the transaction terminal, the transaction authorization platform, and/orthe user device may be connected via a network, such as the internet, anintranet, and/or the like.

As shown by reference number 102, a person (e.g., a holder of thetransaction card, or another person, such as a cashier, a salesrepresentative, and/or the like) may interact with the transactionterminal to initiate a card-present transaction (e.g., a purchase, acash withdrawal, a money transfer, and/or the like). In someimplementations, the person may be the user of the user device (e.g.,the owner of the transaction card, the authorized user of thetransaction card, and/or the like). In some implementations, the personmay not be the user of the user device (e.g., a bad actor, such as anunauthorized user of the transaction card). In some implementations, theperson may interact with the transaction terminal by enteringinformation via the input interface of the transaction terminal and/orinputting the transaction card via the slot of the transaction terminal(e.g., by inserting the transaction card, by swiping the transactioncard, and/or the like) to initiate the transaction. In someimplementations, the transaction terminal may obtain the data stored bythe transaction card by accessing and/or reading the one or morefeatures and/or the one or more components of the transaction card.

As shown by reference number 104, the transaction terminal may send atransaction request to the transaction authorization platform. In someimplementations, the transaction request may concern the transaction,the transaction card, the transaction terminal, and/or the like. Forexample, the transaction request may include the information entered viathe input interface of the transaction terminal. As another example, thetransaction request may include the data stored by the transaction card.In some implementations, the transaction request may indicate a type ofthe transaction, such as a magnetic strip based transaction, a QR codebased transaction, an IC chip based transaction, and/or the like.

As shown by reference number 106, the transaction authorization platformmay receive the transaction request and determine, based on thetransaction request, information about the transaction card. Forexample, the transaction authorization platform may parse thetransaction request to determine and/or identify the data stored by thetransaction card and look up, based on the data stored by thetransaction card, the information about the transaction card. In someimplementations, the information about the transaction card may includeinformation about an authorized user of the transaction card; anorganization associated with the transaction card; an account associatedwith the transaction card; an amount of money associated with thetransaction card; an image associated with the transaction card; whetherthe transaction card has been flagged as possibly compromised (e.g.,whether the transaction card has been lost and/or stolen, possiblysubject to fraud, and/or the like), whether magnetic strip basedtransactions, IC chip based transactions, and/or the like are allowedfor a period of time, whether card-present transactions (e.g.,transactions where the transaction card is presented to a transactionterminal), card-not-present transactions (e.g., transactions where thetransaction card is not presented to a transaction terminal, such asover-the-phone transactions, web form transactions, and/or the like),and/or the like, are allowed for the period of time; and/or the like.

As shown in FIG. 1B and by reference number 108, the transactionauthorization platform may send (e.g., via an electronic message, suchas a text message, and email message, a push message, an automated phonecall, and/or the like), based on the transaction request, a queryconcerning possession of the transaction card by the user of the userdevice (also referred to herein as “the user”) to the user device. Forexample, the transaction authorization platform may send a query thatincludes an instruction for the user to confirm possession of thetransaction card via the user device. In some implementations, theinstruction may indicate that the user is to confirm possession of thetransaction card via a component of the user device, such as the cameradevice of the user device, the wireless transceiver of the user device,and/or the like. In some implementations, the transaction authorizationplatform may send a message to the transaction terminal to cause thetransaction terminal to display the message on a display of thetransaction terminal. The message may indicate that the user is to usethe user device to confirm possession of the transaction card (e.g., thetransaction authorization platform may display “Please continue thisauthorization process on your user device”). As shown by referencenumber 110, the user device may receive the query and may display theinstruction on the display of the user device, may present theinstruction via the speaker of the user device, and/or the like. In someimplementations, the user device may cause display, presentation, and/orthe like, of the instruction, based on receiving the query.

In some implementations, the user may read the instruction on thedisplay of the user device, listen to the instruction emitted from thespeaker of the user device, and/or the like, and present, based on theinstruction, the transaction card to the user device and/or thecomponent of the user device to confirm possession of the transactioncard. For example, the user may hold the transaction card near the userdevice so that the wireless transceiver may communicate with thetransaction card, may place the transaction card in a field of view ofthe camera device so that the camera device may capture an image of thetransaction card, and/or the like. In some implementations, the user mayread the message on the display of the transaction terminal and cause,based on the message, the user device to run an application on the userdevice for the user device to interact with the transaction card, andpresent, based on causing the user device to run the application, thetransaction card to the user device and/or the component of the userdevice to confirm possession of the transaction card.

As shown in FIG. 1C, and by reference number 112, the user device mayobtain data concerning the transaction card, such as some or all of thedata saved on the transaction card. In some implementations, the querymay cause the user device to operate the component of the user device,such as the camera device, the wireless transceiver, and/or the like, toobtain the data concerning the transaction card. For example, the querymay cause the user device to operate an NFC transceiver of the userdevice to communicate with the IC chip of the transaction card todetermine IC chip data concerning the transaction card. As anotherexample, the query may cause the user device to operate a camera deviceof the user device to obtain image data concerning the transaction card.In an additional example, the query may cause the user device to operatethe camera device to obtain a plurality of images that includes at leastone image of a front of the transaction card and at least one image of aback of the transaction card.

As shown by reference number 114, the user device may send a responseconcerning possession of the transaction card by the user to thetransaction authorization platform. In some implementations the responsemay be based on and/or include the data concerning the transaction card.For example, the response may be based on and/or include the IC chipdata, the image data, the plurality of images, and/or the like. Asanother example, user device may run an application (e.g., an applet, aprogram, and/or the like) included in the IC chip data to generate andsend the response.

As shown by reference number 116, the transaction authorization platformmay receive the response and determine whether the user has possessionof the transaction card. In some implementations, the transactionauthorization platform may process the response and/or the informationconcerning the transaction card to determine whether the user haspossession of the transaction card. For example, the transactionauthorization platform may determine whether the person presenting thetransaction card is the user based on the response and/or theinformation concerning the transaction card to determine whether theuser has possession of the transaction card. In some implementations,the transaction authorization platform may determine that the user haspossession of the transaction card. For example, the transactionauthorization platform may determine that the user has possession of thetransaction card if the response (received from the user device) isassociated with (e.g., matches, corresponds with, relates to, concerns,and/or the like) the information (received from the transactionterminal) concerning the transaction card. In some implementations, thetransaction authorization platform may determine that the user does nothave possession of the transaction card. For example, the transactionauthorization platform may determine that the user does not havepossession of the transaction card if the response (received from theuser device) is not associated with (e.g., does not match, does notcorrespond with, does not relate to, does not concern, and/or the like)the information concerning the transaction card (received from thetransaction terminal). As another example, the transaction authorizationplatform may determine that the user does not have possession of thetransaction card if the transaction authorization platform does notreceive a response (e.g., no response was sent by the user device, theresponse was not successfully transmitted to the transactionauthorization platform, and/or the like).

In some implementations, where the response includes the IC chip data,the transaction authorization platform may determine whether the userhas possession of the transaction card based on the IC chip data and/orthe information concerning the transaction card. For example, thetransaction authorization platform may compare the IC chip data and theinformation concerning the transaction card to determine whether the ICchip data is associated with the information concerning the transactioncard. As another example, the transaction authorization platform maycompare the IC chip data and the information concerning the transactioncard to determine whether some or all of the IC chip data is accuratewithin a tolerance. In another example, the transaction authorizationplatform may compare the IC chip data and the information concerning thetransaction card to determine whether an application transaction counter(ATC) value associated with the IC chip and/or the IC chip data isaccurate within a tolerance.

In some implementations, where the response includes the image data, thetransaction authorization platform may determine whether the user haspossession of the transaction card based on the image data and theinformation concerning the transaction card. For example, thetransaction authorization platform may process the image data using anoptical character recognition (OCR) technique to determine at least onefeature of the transaction card (e.g., a string, account number, and/orthe like), and/or using other image processing to decode a bar code, aQR code, and/or the like, and may determine whether the at least onefeature is associated with the information concerning the transactioncard. Moreover, the transaction authorization platform may process theimage data to determine whether the image data was captured using acamera of the user device (e.g., the image data was not stored in aphoto library of the user device) and/or whether the image data wasobtained by the user device within a threshold period of time after thetransaction authorization platform received the transaction request(e.g., the image data was obtained during the transaction). As anotherexample, the transaction authorization platform may process the imagedata using an image processing technique to determine one or more imagesof the transaction card and determine whether the one or more images areassociated with the information concerning the transaction card (e.g.,whether the one or more images match or are similar to at least oneimage of the transaction card included in the information concerning thetransaction card).

In some implementations, where the response includes the plurality ofimages, the transaction authorization platform may determine whether theuser has possession of the transaction card based on the plurality ofimages and the information concerning the transaction card. For example,the transaction authorization platform may determine that the pluralityof images contain image information that is associated with theinformation concerning the transaction card. Additionally, oralternatively, the transaction authorization platform may compare the atleast one image of the front of the transaction card and the at leastone image of the back of the transaction card, of the plurality ofimages. In this way, the transaction authorization platform maydetermine that the transaction card presented by the user is authenticif the at least one image of the front of the transaction cardcorresponds with the at least one image of the back of the transactioncard.

Additionally, the transaction authorization platform may determinewhether the user is authorized to possess and/or use the transactioncard. As shown in FIG. 1D and by reference number 118, the transactionauthorization platform may send a query concerning identification of theuser and/or the transaction card. In some implementations, thetransaction authorization platform may send the query based on thetransaction request and/or determining that the user has possession ofthe transaction card. The transaction authorization platform may send aquery that includes an instruction for the user to provideidentification via the user device. In some implementations, theinstruction may indicate that the user is to provide identification ofthe user via a component of the user device, such as the camera deviceof the user device, the microphone of the user device, the wirelesstransceiver of the user device, and/or the like. In someimplementations, the instruction may indicate that the user is to answerat least one security question associated with user and/or user device;present an identification card of the user, one or more parts of theuser's body, a voice of the user, and/or the like; and/or the like. Asshown by reference number 120, the user device may receive the query andmay display the instruction on the display of the user device. In someimplementations, the user device may cause display of the instructionbased on receiving the query.

In some implementations, the user may read the instruction on thedisplay of the user device and, based on the instruction, provide ananswer to the at least one security question and/or present anidentification card of the user, one or more parts of the user's body, avoice of the user, and/or the like to the user device and/or thecomponent of the user device to confirm possession of the transactioncard. For example, the user may enter the answer to the at least onesecurity question via a user interface of the user device (e.g., atouchscreen display of the user device). In another example, the usermay hold the identification card near the user device so that thewireless transceiver may communicate with the identification card, mayplace the identification card in a field of view of the camera device sothat the camera device may capture an image of the identification card,and/or the like. As another example, the user may point the cameradevice of the user device at the face of the user so that the cameradevice may capture at least one image of the user's face and/or a facialexpression, may place a finger of the user on the biometric sensor ofthe user device so that the biometric sensor may obtain a fingerprint ofthe user, and/or the like. In another example, the user may utter one ormore words so that the microphone of the user device may capture the oneor more words, a voice of the user, and/or the like. The one or morewords may be the answer to the at least one security question.

As shown in FIG. 1E and by reference number 122, the user device mayobtain data concerning identification of the user. In someimplementations, the query may cause the user device to operate acomponent of the user device, such as the microphone, the camera device,the wireless transceiver, and/or the like, to obtain the data concerningidentification of the user. For example, the query may cause the userdevice to operate the microphone of the user to obtain audio dataconcerning identification of the user. In some implementations, theaudio data may include the one or more words, the voice of the user, avoice characteristic, and/or the like of the user. As another example,the query may cause the user device to operate the camera device toobtain image data concerning identification of the user. In someimplementations, the image data may include at least one image of theidentification card. In some implementations, the image data may includethe at least one image of the face, the facial expression, a visualcharacteristic, and/or the like of the user. In another example, thequery may cause the user device to operate the biometric sensor toobtain biometric data concerning identification of the user. In someimplementations, the biometric data may include the fingerprint, aretina, a biometric characteristic and/or the like of the user.

As shown by reference number 124, the user device may send a responseconcerning identification of the user to the transaction authorizationplatform. In some implementations the response may be based on and/orinclude the data concerning identification of the user. For example, theresponse may be based on and/or include the audio data, the image data,the biometric data, and/or the like.

As shown by reference number 126, the transaction authorization platformmay receive the response concerning identification of the user anddetermine whether the user is authorized to possess the transaction card(e.g., whether the user is authorized to use the transaction card toconduct card-present transactions). In some implementations, thetransaction authorization platform may process the response and/or theinformation concerning the transaction card to determine whether theuser is authorized to possess the transaction card. In someimplementations, the transaction authorization platform may determinethat the user is authorized to possess the transaction card. Forexample, the transaction authorization platform may determine that theuser is authorized to possess the transaction card if the response(received from the user device) is associated with (e.g., matches,corresponds with, relates to, concerns, and/or the like) the informationconcerning the transaction card (received from the transactionterminal). In some implementations, the transaction authorizationplatform may determine that the user is not authorized to possess thetransaction card. For example, the transaction authorization platformmay determine that the user is not authorized to possess the transactioncard if the response (received from the user device) is not associatedwith (e.g., does not match, correspond with, relate to, concern, and/orthe like) the information concerning the transaction card (received fromthe transaction terminal).

In some implementations, where the response includes the audio data, thetransaction authorization platform may determine whether the user isauthorized to possess the transaction card based on the audio dataand/or the information concerning the transaction card. For example, thetransaction authorization platform may process the audio data todetermine the one or more words and determine that at least one of theone or more words matches a password included in the informationconcerning the transaction card. As another example, the transactionauthorization platform may process the audio data to determine the voiceof the user and determine, based on the information concerning thetransaction card, that the voice corresponds with a voice profile of anauthorized user of the transaction card.

In some implementations, where the response includes the image data, thetransaction authorization platform may determine whether the user isauthorized to possess the transaction card based on the image data andthe information concerning the transaction card. For example, thetransaction authorization platform may process the image data todetermine the at least one image of the face and determine, based on theinformation concerning the transaction card, whether the at least oneimage of the face is associated with a facial profile of an authorizeduser of the transaction card. As another example, the transactionauthorization platform may process the image data to determine the atleast one image of the identification card and determine whether the atleast one image of the identification card contains image informationthat is associated with the information concerning the transaction card.

As shown in FIG. 1F and reference number 128, the transactionauthorization platform may perform, or cause to be performed, at leastone action. In some implementations, the transaction authorizationplatform may perform, or cause to be performed, the at least one actionbased on determining whether the user has possession of the transactioncard and/or determining whether the user is authorized to possess thetransaction card.

In some implementations, the at least one action includes sending amessage, such as a signal, command, instruction, and/or the like, to thetransaction terminal or an additional device. In some implementations,where the transaction authorization platform determines that the userhas possession of the transaction card and/or that the user isauthorized to possess the transaction card, the message may indicatethat the transaction is allowed and/or the message may cause thetransaction terminal or the additional device to allow the transaction.For example, the transaction authorization platform may send the messageto the transaction terminal to cause the transaction terminal to allowthe transaction. In some implementations, where the transactionauthorization platform determines that the user does not have possessionof the transaction card and/or that the user is not authorized topossess the transaction card, the message may indicate that thetransaction is not allowed and/or the message may cause the transactionterminal or the additional device to decline the transaction.

In some implementations, the at least one action includes cancelling thetransaction card and/or causing a new transaction card to be issued tothe user. For example, where the transaction authorization platformdetermines that the user does not have possession of the transactioncard and/or that the user is not authorized to possess the transactioncard, the transaction authorization platform may cancel the transactioncard and/or initiate issuance of a new transaction card to the user. Inanother example, where the transaction authorization platform determinesthat the user does not have possession of the transaction card and/orthat the user is not authorized to possess the transaction card, thetransaction authorization platform may cause the transaction terminal orthe additional device to cancel the transaction card and/or initiateissuance of a new transaction card to the user.

In some implementations, the at least one action includes updating theinformation concerning the transaction card. In some implementations,where the transaction authorization platform determines that the userhas possession of the transaction card and/or that the user isauthorized to possess the transaction card, the transactionauthorization platform may update the information concerning thetransaction card to indicate that the user had possession of thetransaction card and/or that the user was authorized to possess thetransaction card at the time of the transaction; that the transactioncard has not been compromised; that magnetic strip based transactions,IC chip based transactions, and/or the like are allowed for a period oftime (e.g., a day, a week, a month, and/or the like); that card-presenttransactions (e.g., transactions where the transaction card is presentedto a transaction terminal) are allowed for the period of time and/orcard-not-present transactions (e.g., transactions where the transactioncard is not presented to a transaction terminal, such as over-the-phonetransactions, web form transactions, and/or the like) are allowed forthe period of time; and/or the like.

In some implementations, where the transaction authorization platformdetermines that the user does not have possession of the transactioncard and/or that the user is not authorized to possess the transactioncard, the transaction authorization platform may update the informationconcerning the transaction card to indicate that the user did not havepossession of the transaction card and/or that the user was notauthorized to possess the transaction card at the time of thetransaction; that the transaction card may be compromised; that magneticstrip based transaction requests, IC chip based transaction requests,and/or the like are not allowed for a period of time (e.g., a day, aweek, a month, and/or the like); that card-present transactions are notallowed for the period of time, that card-not-present transactions arenot allowed for the period of time; and/or the like. In someimplementations, the transaction authorization platform may initiatefraud processing proceedings concerning the transaction card (e.g.,cause particular transaction card transactions to be marked asfraudulent, cause the user to confirm that the particular transactioncard transactions were fraudulent, and/or the like).

As indicated above, FIGS. 1A-1F are provided merely as an example. Otherexamples may differ from what is described with regard to FIGS. 1A-1F.

FIG. 2 is a diagram of an example environment 200 in which systemsand/or methods described herein may be implemented. As shown in FIG. 2,environment 200 may include a transaction card 210, a transactionterminal 220, a user device 230, a network 240, a transactionauthorization platform 250, and/or the like. Devices of environment 200may interconnect via wired connections, wireless connections, or acombination of wired and wireless connections.

Transaction card 210 includes a transaction card capable of storing dataand/or communicating the data to facilitate a transaction. Transactioncard 210 is capable of storing and/or communicating data for a point ofsale (PoS) transaction with transaction terminal 220. For example,transaction card 210 may store or communicate data including accountinformation (e.g., an account identifier, a cardholder identifier,etc.), expiration information of transaction card 210, bankinginformation, transaction information (e.g., a payment token), and/or thelike. In some implementations transaction card 210 may include one ormore features and/or one or more components for storing andcommunicating the data, such as a string, an account number, a bar code,a magnetic strip, a quick response (QR) code, an integrated circuit (IC)chip, and/or the like. For example, to store or communicate the data,transaction card 210 may include a magnetic strip and/or an integratedcircuit (IC) chip (e.g., a EUROPAY®, MASTERCARD®, VISA® (EMV) chip, orthe like).

In some implementations, transaction card 210 may include an antenna tocommunicate data associated with transaction card 210. The antenna maybe a passive radio frequency (RF) antenna, an active RF antenna, and/ora battery-assisted RF antenna. In some implementations, transaction card210 may be a smart transaction card, capable of communicating wirelessly(e.g., via Bluetooth, Bluetooth Low Energy (BLE), near-fieldcommunication (NFC), and/or the like) with a computing device, such astransaction terminal 220, user device 230, a digital wallet, and/oranother device. In some implementations, transaction card 210 maycommunicate with transaction terminal 220 to complete a transaction(e.g., based on being moved within communicative proximity oftransaction terminal 220). In some implementations, transaction card 210may communicate with user device 230 to facilitate a user of the userdevice 230 verifying that the user has possession of the transactioncard 210 (e.g., based on being moved within communicative proximity ofuser device 230).

Transaction terminal 220 includes one or more devices capable ofreceiving, generating, storing, processing, and/or providing informationassociated with facilitating a transaction (such as a PoS transaction).For example, transaction terminal 220 may include a communication deviceand/or computing device capable of receiving data from transaction card210 and/or processing a transaction based on the data. In someimplementations, transaction terminal 220 may include a desktopcomputer, a laptop computer, a tablet computer, a handheld computer,and/or a mobile phone (e.g., a smart phone, a radiotelephone, etc.).Transaction terminal 220 may be owned and/or operated by one or moreindividuals or businesses engaged in a sale of goods or services (e.g.,one or more merchants, vendors, service providers, and/or the like).

Transaction terminal 220 may include one or more devices to facilitateprocessing a transaction via transaction card 210. Transaction terminal220 may include a PoS terminal, a security access terminal, an ATMterminal, and/or the like. Transaction terminal 220 may include one ormore input devices and/or output devices to facilitate obtainingtransaction card data from transaction card 210 and/or interaction orauthorization from a cardholder of transaction card 210. Example inputdevices of transaction terminal 220 may include a number keypad, atouchscreen, a magnetic strip reader, a chip reader, and/or an RF signalreader. A magnetic strip reader of transaction terminal 220 may receivetransaction card data as a magnetic strip of transaction card 210 isswiped along the magnetic strip reader. A chip reader of transactionterminal 220 may receive transaction card data from an IC chip (e.g., anEMV chip) of transaction card 210 when the chip is placed in contactwith the chip reader. An RF signal reader of transaction terminal 220may enable contactless transactions from transaction card 210 byobtaining transaction card data wirelessly from transaction card 210 astransaction card 210 comes within a range of transaction terminal 220that the RF signal reader may detect an RF signal from an RF antenna oftransaction card 210. Example output devices of transaction terminal 220may include a display device, a speaker, a printer, and/or the like.

User device 230 includes one or more devices capable of receiving,generating, storing, processing, and/or providing information, such asinformation described herein. For example, user device 230 may include amobile phone (e.g., a smart phone, a radiotelephone, etc.), a laptopcomputer, a tablet computer, a desktop computer, a handheld computer, agaming device, a wearable communication device (e.g., a smartwristwatch, a pair of smart eyeglasses, etc.), or a similar type ofdevice. In some implementations, user device 230 may receive informationfrom and/or transmit information to transaction authorization platform250, and/or may obtain data concerning transaction card 210 (e.g., via acamera, wireless transceiver, and/or the like of user device 230).

Network 240 includes one or more wired and/or wireless networks. Forexample, network 240 may include a cellular network (e.g., a long-termevolution (LTE) network, a code division multiple access (CDMA) network,a 3G network, a 4G network, a 5G network, another type of nextgeneration network, etc.), a public land mobile network (PLMN), a localarea network (LAN), a wide area network (WAN), a metropolitan areanetwork (MAN), a telephone network (e.g., the Public Switched TelephoneNetwork (PSTN)), a private network, an ad hoc network, an intranet, theInternet, a fiber optic-based network, a cloud computing network, and/orthe like, and/or a combination of these or other types of networks.

Transaction authorization platform 250 includes one or more devicescapable of determining whether a user of the user device 230 haspossession of a transaction card and/or whether the user is authorizedto possess the transaction card. In some implementations, transactionauthorization platform 250 may be designed to be modular such thatcertain software components may be swapped in or out depending on aparticular need. As such, transaction authorization platform 250 may beeasily and/or quickly reconfigured for different uses. In someimplementations, transaction authorization platform may receiveinformation from and/or transmit information to transaction terminal 220and/or user device 230, such as via network 240.

In some implementations, as shown, transaction authorization platform250 may be hosted in a cloud computing environment 252. Notably, whileimplementations described herein describe transaction authorizationplatform 250 as being hosted in cloud computing environment 252, in someimplementations, transaction authorization platform 250 may benon-cloud-based (i.e., may be implemented outside of a cloud computingenvironment) or may be partially cloud-based.

Cloud computing environment 252 includes an environment that hoststransaction authorization platform 250. Cloud computing environment 252may provide computation, software, data access, storage, etc. servicesthat do not require end-user knowledge of a physical location andconfiguration of system(s) and/or device(s) that hosts transactionauthorization platform 250. As shown, cloud computing environment 252may include a group of computing resources 254 (referred to collectivelyas “computing resources 254” and individually as “computing resource254”).

Computing resource 254 includes one or more personal computers,workstation computers, server devices, or other types of computationand/or communication devices. In some implementations, computingresource 254 may host transaction authorization platform 250. The cloudresources may include compute instances executing in computing resource254, storage devices provided in computing resource 254, data transferdevices provided by computing resource 254, etc. In someimplementations, computing resource 254 may communicate with othercomputing resources 254 via wired connections, wireless connections, ora combination of wired and wireless connections.

As further shown in FIG. 2, computing resource 254 includes a group ofcloud resources, such as one or more applications (“APPs”) 254-1, one ormore virtual machines (“VMs”) 254-2, virtualized storage (“VSs”) 254-3,one or more hypervisors (“HYPs”) 254-4, and/or the like.

Application 254-1 includes one or more software applications that may beprovided to or accessed by transaction terminal 220 and/or user device230. Application 254-1 may eliminate a need to install and execute thesoftware applications on transaction terminal 220 and/or user device230. For example, application 254-1 may include software associated withtransaction authorization platform 250 and/or any other software capableof being provided via cloud computing environment 252. In someimplementations, one application 254-1 may send/receive informationto/from one or more other applications 254-1, via virtual machine 254-2.

Virtual machine 254-2 includes a software implementation of a machine(e.g., a computer) that executes programs like a physical machine.Virtual machine 254-2 may be either a system virtual machine or aprocess virtual machine, depending upon use and degree of correspondenceto any real machine by virtual machine 254-2. A system virtual machinemay provide a complete system platform that supports execution of acomplete operating system (“OS”). A process virtual machine may executea single program, and may support a single process. In someimplementations, virtual machine 254-2 may execute on behalf of a user(e.g., a user of transaction terminal 220 and/or user device 230 or anoperator of transaction authorization platform 250), and may manageinfrastructure of cloud computing environment 252, such as datamanagement, synchronization, or long-duration data transfers.

Virtualized storage 254-3 includes one or more storage systems and/orone or more devices that use virtualization techniques within thestorage systems or devices of computing resource 254. In someimplementations, within the context of a storage system, types ofvirtualizations may include block virtualization and filevirtualization. Block virtualization may refer to abstraction (orseparation) of logical storage from physical storage so that the storagesystem may be accessed without regard to physical storage orheterogeneous structure. The separation may permit administrators of thestorage system flexibility in how the administrators manage storage forend users. File virtualization may eliminate dependencies between dataaccessed at a file level and a location where files are physicallystored. This may enable optimization of storage use, serverconsolidation, and/or performance of non-disruptive file migrations.

Hypervisor 254-4 may provide hardware virtualization techniques thatallow multiple operating systems (e.g., “guest operating systems”) toexecute concurrently on a host computer, such as computing resource 254.Hypervisor 254-4 may present a virtual operating platform to the guestoperating systems, and may manage the execution of the guest operatingsystems. Multiple instances of a variety of operating systems may sharevirtualized hardware resources.

The number and arrangement of devices and networks shown in FIG. 2 areprovided as an example. In practice, there may be additional devicesand/or networks, fewer devices and/or networks, different devices and/ornetworks, or differently arranged devices and/or networks than thoseshown in FIG. 2. Furthermore, two or more devices shown in FIG. 2 may beimplemented within a single device, or a single device shown in FIG. 2may be implemented as multiple, distributed devices. Additionally, oralternatively, a set of devices (e.g., one or more devices) ofenvironment 200 may perform one or more functions described as beingperformed by another set of devices of environment 200.

FIG. 3 is a diagram of example components of a device 300. Device 300may correspond to transaction card 210, transaction terminal 220, userdevice 230, transaction authorization platform 250, and/or the like. Insome implementations, transaction card 210, transaction terminal 220,user device 230, transaction authorization platform 250, and/or the likemay include one or more devices 300 and/or one or more components ofdevice 300. As shown in FIG. 3, device 300 may include a bus 310, aprocessor 320, a memory 330, a storage component 340, an input component350, an output component 360, and a communication interface 370.

Bus 310 includes a component that permits communication among thecomponents of device 300. Processor 320 is implemented in hardware,firmware, or a combination of hardware and software. Processor 320 is acentral processing unit (CPU), a graphics processing unit (GPU), anaccelerated processing unit (APU), a microprocessor, a microcontroller,a digital signal processor (DSP), a field-programmable gate array(FPGA), an application-specific integrated circuit (ASIC), or anothertype of processing component. In some implementations, processor 320includes one or more processors capable of being programmed to perform afunction. Memory 330 includes a random access memory (RAM), a read onlymemory (ROM), and/or another type of dynamic or static storage device(e.g., a flash memory, a magnetic memory, and/or an optical memory) thatstores information and/or instructions for use by processor 320.

Storage component 340 stores information and/or software related to theoperation and use of device 300. For example, storage component 340 mayinclude a hard disk (e.g., a magnetic disk, an optical disk, amagneto-optic disk, and/or a solid state disk), a compact disc (CD), adigital versatile disc (DVD), a floppy disk, a cartridge, a magnetictape, and/or another type of non-transitory computer-readable medium,along with a corresponding drive.

Input component 350 includes a component that permits device 300 toreceive information, such as via user input (e.g., a touch screendisplay, a keyboard, a keypad, a mouse, a button, a switch, and/or amicrophone). Additionally, or alternatively, input component 350 mayinclude a sensor for sensing information (e.g., a global positioningsystem (GPS) component, an accelerometer, a gyroscope, and/or anactuator). Output component 360 includes a component that providesoutput information from device 300 (e.g., a display, a speaker, and/orone or more light-emitting diodes (LEDs)).

Communication interface 370 includes a transceiver-like component (e.g.,a transceiver and/or a separate receiver and transmitter) that enablesdevice 300 to communicate with other devices, such as via a wiredconnection, a wireless connection, or a combination of wired andwireless connections. Communication interface 370 may permit device 300to receive information from another device and/or provide information toanother device. For example, communication interface 370 may include anEthernet interface, an optical interface, a coaxial interface, aninfrared interface, a radio frequency (RF) interface, a universal serialbus (USB) interface, a Wi-Fi interface, a cellular network interface, orthe like.

Device 300 may perform one or more processes described herein. Device300 may perform these processes based on processor 320 executingsoftware instructions stored by a non-transitory computer-readablemedium, such as memory 330 and/or storage component 340. Acomputer-readable medium is defined herein as a non-transitory memorydevice. A memory device includes memory space within a single physicalstorage device or memory space spread across multiple physical storagedevices.

Software instructions may be read into memory 330 and/or storagecomponent 340 from another computer-readable medium or from anotherdevice via communication interface 370. When executed, softwareinstructions stored in memory 330 and/or storage component 340 may causeprocessor 320 to perform one or more processes described herein.Additionally, or alternatively, hardwired circuitry may be used in placeof or in combination with software instructions to perform one or moreprocesses described herein. Thus, implementations described herein arenot limited to any specific combination of hardware circuitry andsoftware.

The number and arrangement of components shown in FIG. 3 are provided asan example. In practice, device 300 may include additional components,fewer components, different components, or differently arrangedcomponents than those shown in FIG. 3. Additionally, or alternatively, aset of components (e.g., one or more components) of device 300 mayperform one or more functions described as being performed by anotherset of components of device 300.

FIG. 4 is a flow chart of an example process 400 for determining whethera user has possession of a transaction card and/or whether the user isauthorized to possess the transaction card. In some implementations, oneor more process blocks of FIG. 4 may be performed by a transactionauthorization platform (e.g., transaction authorization platform 250).In some implementations, one or more process blocks of FIG. 4 may beperformed by another device or a group of devices separate from orincluding the transaction authorization platform, such as a transactioncard (e.g., transaction card 210), a transaction terminal (e.g.,transaction terminal 220), a user device (e.g., user device 230), and/orthe like.

As shown in FIG. 4, process 400 may include receiving a transactionrequest concerning a transaction and a transaction card from atransaction terminal (block 410). For example, the transactionauthorization platform (e.g., using processor 320, memory 330, storagecomponent 340, input component 350, communication interface 370, and/orthe like) may receive a transaction request concerning a transaction anda transaction card from a transaction terminal, as described above.

As further shown in FIG. 4, process 400 may include determining, basedon the transaction request, information concerning the transaction card(block 420). For example, the transaction authorization platform (e.g.,using processor 320, memory 330, storage component 340, and/or the like)may determine, based on the transaction request, information concerningthe transaction card, as described above.

As further shown in FIG. 4, process 400 may include sending, based onthe transaction request and to a user device, a query concerningpossession of the transaction card by a user of the user device, whereinthe query includes an instruction for the user to confirm possession ofthe transaction card via a component of the user device (block 430). Forexample, the transaction authorization platform (e.g., using processor320, memory 330, storage component 340, output component 360,communication interface 370, and/or the like) may send, based on thetransaction request and to a user device, a query concerning possessionof the transaction card by a user of the user device, as describedabove. In some implementations, the query may include an instruction forthe user to confirm possession of the transaction card via a componentof the user device.

As further shown in FIG. 4, process 400 may include receiving, from theuser device and after sending the query to the user device, a responseconcerning possession of the transaction card by the user (block 440).For example, the transaction authorization platform (e.g., usingprocessor 320, memory 330, storage component 340, input component 350,communication interface 370, and/or the like) may receive, from the userdevice and after sending the query to the user device, a responseconcerning possession of the transaction card by the user, as describedabove.

As further shown in FIG. 4, process 400 may include determining, basedon the response and the information concerning the transaction card,whether the user has possession of the transaction card (block 450). Forexample, the transaction authorization platform (e.g., using processor320, memory 330, storage component 340, and/or the like) may determine,based on the response and the information concerning the transactioncard, whether the user has possession of the transaction card, asdescribed above.

As further shown in FIG. 4, process 400 may include performing, based ondetermining whether the user has possession of the transaction card, atleast one action (block 460). For example, the transaction authorizationplatform (e.g., using processor 320, memory 330, storage component 340,input component 350, communication interface 370, and/or the like) mayperform, based on determining whether the user has possession of thetransaction card, at least one action, as described above.

Process 400 may include additional implementations, such as any singleimplementation or any combination of implementations described belowand/or in connection with one or more other processes describedelsewhere herein.

In some implementations, the instruction may indicate that the user isto confirm possession of the transaction card via a near fieldcommunication (NFC) component of the user device, where the query causesthe user device to operate the NFC component of the user device tocommunicate with an integrated circuit (IC) chip of the transaction cardto determine IC chip data concerning the transaction card, and where theresponse is based on the IC chip data.

In some implementations, the instruction may indicate that the user isto confirm possession of the transaction card via a camera device of theuser device, where the query causes the user device to operate thecamera device of the user device to obtain image data concerning thetransaction card, and where the response is based on the image data.

In some implementations, the response may include integrated circuit(IC) chip data concerning the transaction card and, when determiningwhether the user has possession of the transaction card, the transactionauthorization platform may determine whether the IC chip data isassociated with the information concerning the transaction card.

In some implementations, the response may include image data concerningthe transaction card and, when determining whether the user haspossession of the transaction card, the transaction authorizationplatform may process the image data using an optical characterrecognition (OCR) technique to determine an account number of thetransaction card, and may determine whether the account number isassociated with the information concerning the transaction card.

In some implementations, the response may include image data and, whendetermining whether the user has possession of the transaction card, thetransaction authorization platform may process the image data using animage processing technique to determine one or more images of thetransaction card, and may determine whether the one or more images areassociated with the information concerning the transaction card.

In some implementations, the response may include image data and, whendetermining whether the user has possession of the transaction card, thetransaction authorization platform may process the image data todetermine one or more images of the transaction card, may process theimage data to determine one or more images of an identification cardassociated with the user, and may determine whether the one or moreimages of the transaction card and the one or more images of theidentification card contain image information that corresponds with theinformation concerning the transaction card.

In some implementations, when performing the at least one action, thetransaction authorization platform may send a message to the transactionterminal that causes the transaction terminal to allow the transaction,when the user has been determined to have possession of the transactioncard. In some implementations, when performing the at least one action,the transaction authorization platform may send a message to thetransaction terminal that causes the transaction terminal to decline thetransaction, when the user has been determined to not have possession ofthe transaction card.

Although FIG. 4 shows example blocks of process 400, in someimplementations, process 400 may include additional blocks, fewerblocks, different blocks, or differently arranged blocks than thosedepicted in FIG. 4. Additionally, or alternatively, two or more of theblocks of process 400 may be performed in parallel.

FIG. 5 is a flow chart of an example process 500 for determining whethera user has possession of a transaction card and/or whether the user isauthorized to possess the transaction card. In some implementations, oneor more process blocks of FIG. 5 may be performed by a transactionauthorization platform (e.g., transaction authorization platform 250).In some implementations, one or more process blocks of FIG. 5 may beperformed by another device or a group of devices separate from orincluding the transaction authorization platform, such as a transactioncard (e.g., transaction card 210), a transaction terminal (e.g.,transaction terminal 220), a user device (e.g., user device 230), and/orthe like.

As shown in FIG. 5, process 500 may include receiving a transactionrequest concerning a transaction and a transaction card from atransaction terminal (block 510). For example, the transactionauthorization platform (e.g., using processor 320, memory 330, storagecomponent 340, input component 350, communication interface 370, and/orthe like) may receive a transaction request concerning a transaction anda transaction card from a transaction terminal, as described above.

As further shown in FIG. 5, process 500 may include determining, basedon the transaction request, information concerning the transaction card(block 520). For example, the transaction authorization platform (e.g.,using processor 320, memory 330, storage component 340, and/or the like)may determine, based on the transaction request, information concerningthe transaction card, as described above.

As further shown in FIG. 5, process 500 may include sending, based onthe transaction request and to a user device, a first query concerningpossession of the transaction card by a user (block 530). For example,the transaction authorization platform (e.g., using processor 320,memory 330, storage component 340, output component 360, communicationinterface 370, and/or the like) may send, based on the transactionrequest and to a user device, a first query concerning possession of thetransaction card by a user, as described above.

As further shown in FIG. 5, process 500 may include receiving, from theuser device and after sending the first query to the user device, afirst response concerning possession of the transaction card by the user(block 540). For example, the transaction authorization platform (e.g.,using processor 320, memory 330, storage component 340, input component350, communication interface 370, and/or the like) may receive, from theuser device and after sending the first query to the user device, afirst response concerning possession of the transaction card by theuser, as described above.

As further shown in FIG. 5, process 500 may include determining, basedon the first response and the information concerning the transactioncard, that the user has possession of the transaction card (block 550).For example, the transaction authorization platform (e.g., usingprocessor 320, memory 330, storage component 340, and/or the like) maydetermine, based on the first response and the information concerningthe transaction card, that the user has possession of the transactioncard, as described above.

As further shown in FIG. 5, process 500 may include sending, to the userdevice and based on determining that the user has possession of thetransaction card, a second query concerning identification of the userof the user device (block 560). For example, the transactionauthorization platform (e.g., using processor 320, memory 330, storagecomponent 340, output component 360, communication interface 370, and/orthe like) may send, to the user device and based on determining that theuser has possession of the transaction card, a second query concerningidentification of the user, as described above.

As further shown in FIG. 5, process 500 may include receiving, from theuser device and after sending the second query to the user device, asecond response concerning identification of the user (block 570). Forexample, the transaction authorization platform (e.g., using processor320, memory 330, storage component 340, input component 350,communication interface 370, and/or the like) may receive, from the userdevice and after sending the second query to the user device, a secondresponse concerning identification of the user, as described above.

As further shown in FIG. 5, process 500 may include determining, basedon the second response and the information concerning the transactioncard, that the user is authorized to possess the transaction card (block580). For example, the transaction authorization platform (e.g., usingprocessor 320, memory 330, storage component 340, and/or the like) maydetermine, based on the second response and the information concerningthe transaction card, that the user is authorized to possess thetransaction card, as described above.

As further shown in FIG. 5, process 500 may include performing, based ondetermining that the user has possession of the transaction card anddetermining that the user is authorized to possess the transaction card,at least one action (block 590). For example, the transactionauthorization platform (e.g., using processor 320, memory 330, storagecomponent 340, input component 350, output component 360, and/or thelike) may perform, based on determining that the user has possession ofthe transaction card and determining that the user is authorized topossess the transaction card, at least one action, as described above.

Process 500 may include additional implementations, such as any singleimplementation or any combination of implementations described belowand/or in connection with one or more other processes describedelsewhere herein.

In some implementations, the first response may include a plurality ofimages of the transaction card, where the plurality of images includesat least one image of a front of the transaction card and at least oneimage of a back of the transaction card, and, when determining that theuser has possession of the transaction card, the transactionauthorization platform may determine that the at least one image of thefront of the transaction card corresponds with the at least one image ofthe back of the transaction card, and may determine that the pluralityof images contain image information that corresponds with theinformation concerning the transaction card.

In some implementations, the second response may include audio data,and, when determining that the user is authorized to possess thetransaction card, the transaction authorization platform may process theaudio data to determine one or more words, and may determine that atleast one of the one or more words matches a password included in theinformation concerning the transaction card.

In some implementations, the second response may include audio data,and, when determining that the user is authorized to possess thetransaction card, the transaction authorization platform may process theaudio data to determine a voice, and may determine, based on theinformation concerning the transaction card, that the voice correspondswith a voice profile of an authorized user.

In some implementations, the second response may include image data,and, when determining that the user is authorized to possess thetransaction card, the transaction authorization platform may process theimage data to determine at least one image of a face, and may determine,based on the information concerning the transaction card, that the atleast one image of the face matches a facial profile of an authorizeduser.

In some implementations, the information concerning the transaction cardmay indicate that the transaction card may be compromised, and, whenperforming the at least one action, the transaction authorizationplatform may update the information concerning the transaction card toindicate that the transaction card has not been compromised.

Although FIG. 5 shows example blocks of process 500, in someimplementations, process 500 may include additional blocks, fewerblocks, different blocks, or differently arranged blocks than thosedepicted in FIG. 5. Additionally, or alternatively, two or more of theblocks of process 500 may be performed in parallel.

FIG. 6 is a flow chart of an example process 600 for determining whethera user has possession of a transaction card and/or whether the user isauthorized to possess the transaction card. In some implementations, oneor more process blocks of FIG. 6 may be performed by a transactionauthorization platform (e.g., transaction authorization platform 250).In some implementations, one or more process blocks of FIG. 6 may beperformed by another device or a group of devices separate from orincluding the transaction authorization platform, such as a transactioncard (e.g., transaction card 210), a transaction terminal (e.g.,transaction terminal 220), a user device (e.g., user device 230), and/orthe like.

As shown in FIG. 6, process 600 may include receiving a transactionrequest concerning a transaction and a transaction card from atransaction terminal (block 610). For example, the transactionauthorization platform (e.g., using processor 320, memory 330, storagecomponent 340, input component 350, communication interface 370, and/orthe like) may receive a transaction request concerning a transaction anda transaction card from a transaction terminal, as described above.

As further shown in FIG. 6, process 600 may include determining, basedon the transaction request, information concerning the transaction card(block 620). For example, the transaction authorization platform (e.g.,using processor 320, memory 330, storage component 340, and/or the like)may determine, based on the transaction request, information concerningthe transaction card, as described above.

As further shown in FIG. 6, process 600 may include sending, by thedevice and based on the transaction request, to a user device a queryconcerning possession of the transaction card by a user of the userdevice (block 630). For example, the transaction authorization platform(e.g., using processor 320, memory 330, storage component 340, outputcomponent 360, communication interface 370, and/or the like) may send,by the device and based on the transaction request, to a user device aquery concerning possession of the transaction card by a user, asdescribed above.

As further shown in FIG. 6, process 600 may include receiving, aftersending the query to the user device, from the user device a responseconcerning possession of the transaction card by the user (block 640).For example, the transaction authorization platform (e.g., usingprocessor 320, memory 330, storage component 340, input component 350,communication interface 370, and/or the like) may receive, after sendingthe query to the user device, from the user device a response concerningpossession of the transaction card by the user, as described above.

As further shown in FIG. 6, process 600 may include determining, basedon the response and the information concerning the transaction card,that the user does not have possession of the transaction card (block650). For example, the transaction authorization platform (e.g., usingprocessor 320, memory 330, storage component 340, and/or the like) maydetermine, based on the response and the information concerning thetransaction card, that the user does not have possession of thetransaction card, as described above.

As further shown in FIG. 6, process 600 may include performing, based ondetermining that the user does not have possession of the transactioncard, at least one action (block 660). For example, the transactionauthorization platform (e.g., using processor 320, memory 330, storagecomponent 340, input component 350, output component 360, communicationinterface 370, and/or the like) may perform, based on determining thatthe user does not have possession of the transaction card, at least oneaction, as described above.

Process 600 may include additional implementations, such as any singleimplementation or any combination of implementations described belowand/or in connection with one or more other processes describedelsewhere herein.

In some implementations, when performing the at least one action, thetransaction authorization platform may update the information concerningthe transaction card to indicate that the transaction was attempted whenthe user did not have possession of the transaction card, and may send asignal to the transaction terminal to decline the transaction.

In some implementations, when performing the at least one action, thetransaction authorization platform may cause the transaction terminal todecline the transaction, may cause a different device associated withthe transaction card to cancel the transaction card, and may cause thedifferent device or another device to initiate issuance of a newtransaction card to the user.

In some implementations, when performing the at least one action, thetransaction authorization platform may update the information concerningthe transaction card to indicate that card-present transactions areallowed and that card-not-present transactions are not allowed. In someimplementations, when performing the at least one action, thetransaction authorization platform may cancel the transaction card, andmay cause a new transaction card to be issued to the user.

Although FIG. 6 shows example blocks of process 600, in someimplementations, process 600 may include additional blocks, fewerblocks, different blocks, or differently arranged blocks than thosedepicted in FIG. 6. Additionally, or alternatively, two or more of theblocks of process 600 may be performed in parallel.

The foregoing disclosure provides illustration and description, but isnot intended to be exhaustive or to limit the implementations to theprecise form disclosed. Modifications and variations may be made inlight of the above disclosure or may be acquired from practice of theimplementations.

As used herein, the term “component” is intended to be broadly construedas hardware, firmware, or a combination of hardware and software.

It will be apparent that systems and/or methods, described herein, maybe implemented in different forms of hardware, firmware, or acombination of hardware and software. The actual specialized controlhardware or software code used to implement these systems and/or methodsis not limiting of the implementations. Thus, the operation and behaviorof the systems and/or methods were described herein without reference tospecific software code—it being understood that software and hardwarecan be designed to implement the systems and/or methods based on thedescription herein.

Even though particular combinations of features are recited in theclaims and/or disclosed in the specification, these combinations are notintended to limit the disclosure of various implementations. In fact,many of these features may be combined in ways not specifically recitedin the claims and/or disclosed in the specification. Although eachdependent claim listed below may directly depend on only one claim, thedisclosure of various implementations includes each dependent claim incombination with every other claim in the claim set.

No element, act, or instruction used herein should be construed ascritical or essential unless explicitly described as such. Also, as usedherein, the articles “a” and “an” are intended to include one or moreitems, and may be used interchangeably with “one or more.” Furthermore,as used herein, the term “set” is intended to include one or more items(e.g., related items, unrelated items, a combination of related andunrelated items, etc.), and may be used interchangeably with “one ormore.” Where only one item is intended, the phrase “only one” or similarlanguage is used. Also, as used herein, the terms “has,” “have,”“having,” or the like are intended to be open-ended terms. Further, thephrase “based on” is intended to mean “based, at least in part, on”unless explicitly stated otherwise.

What is claimed is:
 1. A device, comprising: one or more memories; andone or more processors, communicatively coupled to the one or morememories, configured to: receive, from a transaction terminal, atransaction request concerning a transaction and a transaction card;determine, based on the transaction request, information concerning thetransaction card; send, based on the transaction request and to a userdevice, a query concerning possession of the transaction card by a userof the user device, wherein the query includes an instruction for theuser to confirm possession of the transaction card via a near fieldcommunication (NFC) device of the user device, and the query causing anapplication operating on the user device to use the NFC device tointeract with the transaction card; receive, from the user device andafter sending the query to the user device, a response concerningpossession of the transaction card by the user, the response includingintegrated circuit (IC) chip data received from an IC chip of thetransaction card; determine, based on the response and the informationconcerning the transaction card, whether the user has possession of thetransaction card, wherein the one or more processors, when determiningwhether the user has possession of the transaction card, are configuredto: compare the IC chip data with the information concerning thetransaction card to determine whether at least a portion of the IC chipdata is accurate within a tolerance; and perform, based on determiningwhether the user has possession of the transaction card, at least oneaction concerning authorization of the transaction.
 2. The device ofclaim 1, wherein the instruction indicates that the user is to confirmpossession of the transaction card via a camera device of the userdevice, wherein the query causes the user device to operate the cameradevice of the user device to obtain image data concerning thetransaction card, and wherein the response is based on the image data.3. The device of claim 2, wherein the response includes the image data,and wherein the one or more processors, when determining whether theuser has possession of the transaction card, are configured to: processthe image data using an optical character recognition (OCR) technique todetermine an account number of the transaction card; and determinewhether the account number is associated with the information concerningthe transaction card.
 4. The device of claim 1, wherein the responseincludes image data, wherein the one or more processors, whendetermining whether the user has possession of the transaction card, areconfigured to: process the image data using an image processingtechnique to determine one or more images of the transaction card; anddetermine whether the one or more images are associated with theinformation concerning the transaction card.
 5. The device of claim 1,wherein the response includes image data, wherein the one or moreprocessors, when determining whether the user has possession of thetransaction card, are configured to: process the image data to determineone or more images of the transaction card; process the image data todetermine one or more images of an identification card associated withthe user; and determine whether the one or more images of thetransaction card and the one or more images of the identification cardcontain image information that corresponds with the informationconcerning the transaction card.
 6. The device of claim 1, wherein theone or more processors, when performing the at least one action, areconfigured to: send a message to the transaction terminal that causesthe transaction terminal to allow the transaction, when the user hasbeen determined to have possession of the transaction card.
 7. Thedevice of claim 1, wherein the one or more processors, when performingthe at least one action, are configured to: send a message to thetransaction terminal that causes the transaction terminal to decline thetransaction, when the user has been determined to not have possession ofthe transaction card.
 8. A method, comprising: receiving, by a deviceand from a transaction terminal, a transaction request concerning atransaction and a transaction card; determining, by the device and basedon the transaction request, information concerning the transaction card;sending, by the device and based on the transaction request, to a userdevice a query concerning possession of the transaction card by a userof the user device, wherein the query includes an instruction for theuser to confirm possession of the transaction card via a near fieldcommunication (NFC) device of the user device, and the query causing anapplication operating on the user device to use the NFC device tointeract with the transaction card; receiving, by the device and aftersending the query to the user device, from the user device a responseconcerning possession of the transaction card by the user, the responseincluding integrated circuit (IC) chip data received from an IC chip ofthe transaction card; determining, by the device and based on theresponse and the information concerning the transaction card, that theuser does not have possession of the transaction card, whereindetermining that the user does not have possession of the transactioncard comprises: comparing the IC chip data with the informationconcerning the transaction card to determine whether at least a portionof the IC chip data is accurate within a tolerance; and performing, bythe device and based on determining that the user does not havepossession of the transaction card, at least one action associated withthe transaction.
 9. The method of claim 8, wherein performing the atleast one action comprises: updating the information concerning thetransaction card to indicate that the transaction was attempted when theuser did not have possession of the transaction card; and sending asignal to the transaction terminal to decline the transaction.
 10. Themethod of claim 8, wherein performing the at least one action comprises:causing the transaction terminal to decline the transaction; causing adifferent device associated with the transaction card to cancel thetransaction card; and causing the different device to initiate issuanceof a new transaction card to the user.
 11. The method of claim 8,wherein performing the at least one action comprises: updating theinformation concerning the transaction card to indicate thatcard-present transactions are allowed and that card-not-presenttransactions are not allowed.
 12. The method of claim 8, whereinperforming the at least one action comprises: cancelling the transactioncard; and causing a new transaction card to be issued to the user.
 13. Anon-transitory computer-readable medium storing instructions, theinstructions comprising: one or more instructions that, when executed byone or more processors, cause the one or more processors to: receive,from a transaction terminal, a transaction request concerning atransaction and a transaction card; determine, based on the transactionrequest, information concerning the transaction card; send, based on thetransaction request and to a user device, a query concerning possessionof the transaction card by a user of the user device, wherein the queryincludes an instruction for the user to confirm possession of thetransaction card via a near field communication (NFC) device of the userdevice, and the query causing an application operating on the userdevice to use the NFC device to interact with the transaction card;receive, from the user device and after sending the query to the userdevice, a response concerning possession of the transaction card by theuser, the response including integrated circuit (IC) chip data receivedfrom an IC chip of the transaction card; determine, based on theresponse and the information concerning the transaction card, whetherthe user has possession of the transaction card, wherein the one or moreprocessors, when determining whether the user has possession of thetransaction card, are configured to: compare the IC chip data with theinformation concerning the transaction card to determine whether atleast a portion of the IC chip data is accurate within a tolerance; andperform, based on determining whether the user has possession of thetransaction card, at least one action concerning authorization of thetransaction.
 14. The non-transitory computer-readable medium of claim13, wherein the one or more instructions, that cause the one or moreprocessors to perform the at least one action, cause the one or moreprocessors to: send a message to the transaction terminal that causesthe transaction terminal to allow the transaction, when the user hasbeen determined to have possession of the transaction card.
 15. Thenon-transitory computer-readable medium of claim 13, wherein theresponse includes audio data, and wherein the one or more instructions,when executed by the one or more processors, further cause the one ormore processors to: process the audio data to determine one or morewords; determine that at least one of the one or more words matches apassword included in the information concerning the transaction card;and determine, based on determining that the at least one of the one ormore words matches the password, that the user is authorized to possessthe transaction card.
 16. The non-transitory computer-readable medium ofclaim 13, wherein the response includes audio data, and wherein the oneor more instructions, when executed by the one or more processors,further cause the one or more processors to: process the audio data todetermine a voice; determine, based on the information concerning thetransaction card, that the voice corresponds with a voice profile of anauthorized user; and determine, based on determining that the voicecorresponds with the voice profile, that the user is authorized topossess the transaction card.
 17. The non-transitory computer-readablemedium of claim 13, wherein the one or more instructions, that cause theone or more processors to perform the at least one action, cause the oneor more processors to: send a message to the transaction terminal thatcauses the transaction terminal to decline the transaction, when theuser has been determined to not have possession of the transaction card.18. The non-transitory computer-readable medium of claim 13, wherein theinformation concerning the transaction card indicates that thetransaction card may be compromised, wherein the one or moreinstructions, that cause the one or more processors to perform the atleast one action, cause the one or more processors to: update theinformation concerning the transaction card to indicate that thetransaction card has not been compromised.
 19. The device of claim 1,wherein the one or more processors, when performing the at least oneaction, are configured to: update the information concerning thetransaction card to indicate that card-present transactions are allowedand that card-not-present transactions are not allowed.
 20. The deviceof claim 1, wherein the one or more processors, when performing the atleast one action, are configured to: cancel the transaction card; andcause a new transaction card to be issued to the user.